And the kernel of CentOS 5 has its own share of security issues, which will no longer get fixed due to EOL status of CentOS 5. Consider telling your customer to move to a newer still supported release before they get hacked due to these security issues.